<?php

/**
 * This file holds the library functions for user session management.
 * 
 * @package Session_library
 */


require_once("lib/db.lib.php");
require_once("conf/site.conf.php");

/**
 * Check whether a session ID exists.
 * 
 * @param	string	$session_id	Session ID in question.
 * @param	bool	$no_escape	Indicate whether to escape the variables or not.
 * 
 * @return	bool	<b>TRUE</b> if exists, <b>FALSE</b> if not.
 */
function session_id_is_exist($session_id, $no_escape = FALSE){

	db_connect();
	
	
	if(!$no_escape){
		$session_id = mysql_real_escape_string($session_id);
	}
	
	$sql = "SELECT `session_id` FROM `user_session` WHERE `session_id` = \"$session_id\";";
	
	$result = mysql_query($sql);
		
	
	//return
	if(mysql_num_rows($result) > 0){
		return TRUE;
	}
		
	return FALSE;	
}

 /**
 * Generate a unique session key.
 * 
 * @return	string	Session key.
 */
function session_gen_id(){
	
	$rc = rand().rand().rand().rand().rand();
	
	do{
		$rc = md5($rc);
	}while(session_id_is_exist($rc));
	
	return $rc;
}


/**
 * Set a session of a user in database.
 * 
 * @param	int		$user_id		User ID of the user.
 * @param	string	$session_id		Session ID to be set.(Default: generate automatically)
 * @param	bool	$no_escape		Indicate whether to escape the variables or not.
 * 
 * @return	bool	<b>TRUE</b> if successed, <b>FALSE</b> if failed.
 */
function session_set($user_id, $session_id = FALSE, $no_escape = FALSE){
	db_connect();
	
	if(!$session_id){
		$session_id = session_gen_id();
	}
	
	if(!$no_escape){
		$user_id = mysql_real_escape_string($user_id);
		$session_id = mysql_real_escape_string($session_id);
	}
	
	$sql = "INSERT INTO `user_session` (`user_id`, `session_id`, `login_time`, `last_heartbeat`, `expire_time`) VALUES (\"$user_id\", \"$session_id\", NOW(), NOW(), NOW() + INTERVAL ".SITE_DEFAULT_LOGIN_EXPIRE_TIME.");";
	
	
	mysql_query("LOCK TABLES user_session WRITE;");
	
	$result = mysql_query($sql);	
	
	mysql_query("UNLOCK TABLES;");
	
	if($result){
		return TRUE;
	}
		
	return FALSE;
}


/**
 * Update the last heartbeat of a session.
 * 
 * @param	string	$session_id		ID of session to be updated.
 * @param	bool	$no_escape		Indicate whether to escape the variables or not.
 * 
 * @return	bool	<b>TRUE</b> if successed, <b>FALSE</b> if failed.
 */
function session_update_heartbeat($session_id, $no_escape = FALSE){
	
	db_connect();
	
	if(!$no_escape){
		$session_id = mysql_real_escape_string($session_id);
	}
	
	
	$sql = "UPDATE `user_session` SET `last_heartbeat` = NOW() WHERE `session_id` = \"$session_id\";";
	
	
	//mysql_query("LOCK TABLES user_session WRITE;");
	
	$result = mysql_query($sql);	
	$affected_rows = mysql_affected_rows();
	
	//mysql_query("UNLOCK TABLES;");
	
	if($affected_rows > 0){
		return TRUE;
	}
		
	return FALSE;
}

/**
 * Check whether a session is valid (i.e. sessin exist and not expired).
 * 
 * @param	string	$session_id		ID of session in question.
 * @param	bool	$no_escape		Indicate whether to escape the variables or not.
 * 
 * @return	bool	<b>TRUE</b> if valid, <b>FALSE</b> if not.
 */
function session_is_valid($session_id, $no_escape = FALSE){

	db_connect();
	
	if(!$no_escape){
		$session_id = mysql_real_escape_string($session_id);
	}
	
	$sql = "SELECT `session_id` FROM `user_session` WHERE `session_id` = \"$session_id\" AND `expire_time` >= NOW();";
	
	$result = mysql_query($sql);
		
	
	//return
	if(mysql_num_rows($result) > 0){
		return TRUE;
	}
		
	return FALSE;
}

/**
 * Postpone the expiry time of a session.
 * 
 * @param	string	$session_id		ID of session to be postponed.
 * @param	string	$postpone_time	Time to postone.(Default: SITE_DEFAULT_LOGIN_EXPIRE_TIME)
 * @param	bool	$no_escape		Indicate whether to escape the variables or not.
 * 
 * @return	bool	<b>TRUE</b> if successed, <b>FALSE</b> if failed.
 */
function session_postpone_expiry($session_id, $postpone_time = SITE_DEFAULT_LOGIN_EXPIRE_TIME, $no_escape = FALSE){
	
	db_connect();
	
	if(!$no_escape){
		$session_id = mysql_real_escape_string($session_id);
		$postpone_time = mysql_real_escape_string($postpone_time);
	}
	
	
	$sql = "UPDATE `user_session` SET `expire_time` = NOW() + INTERVAL ".$postpone_time." WHERE `session_id` = \"$session_id\";";
	
	
	//mysql_query("LOCK TABLES user_session WRITE;");
	
	$result = mysql_query($sql);	
	$affected_rows = mysql_affected_rows();
	
	//mysql_query("UNLOCK TABLES;");
	
	if($affected_rows > 0){
		return TRUE;
	}
		
	return FALSE;
}

/**
 * Delete expired session in database.
 * 
 * @return	int		Number of records deleted.
 */
function session_clear_expired(){
	db_connect();
	
	$sql = "DELETE FROM `user_session` WHERE `expire_time` < NOW(); ";
	
	mysql_query("LOCK TABLES user_session WRITE;");
	
	$result = mysql_query($sql);	
	$affected_rows = mysql_affected_rows();
	
	mysql_query("UNLOCK TABLES;");
	
	return $affected_rows;
}

/**
 * Get the user ID of a session.
 * 
 * @param	string	$session_id		ID of session in question.
 * @param	bool	$no_escape		Indicate whether to escape the variables or not.
 * 
 * @return	int|FALSE	<b>User ID</b> of session, <b>FALSE</b> if failed.
 */
function session_get_user_id($session_id, $no_escape = FALSE){

	db_connect();
	
	if(!$no_escape){
		$session_id = mysql_real_escape_string($session_id);
	}
	
	$sql = "SELECT `user_id` FROM `user_session` WHERE `session_id` = \"$session_id\";";
	
	$result = mysql_query($sql);
		
	
	//return
	if($row = mysql_fetch_assoc($result)){
		return (int) $row['user_id'];
	}
		
	return FALSE;
}

